Glasses2You: Organisation Privacy Notice (Company Number 07294089)
We'll take all reasonable steps to keep your personal data secure. To help you understand it, here's why we need it and how we use it.
“1. Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness, transparency’)”
- We have identified an appropriate lawful basis (or bases) for our processing.
- We don’t do anything generally unlawful with personal data.
- We have considered how the processing may affect the individuals concerned and can justify any adverse impact.
- We only handle people’s data in ways they would reasonably expect, or we can explain why any unexpected processing is justified.
- We do not deceive or mislead people when we collect their personal data.
- We are open and honest, and comply with the transparency obligations of the right to be informed.
Last Updated: June 2020
Superdrug Glasses Online contracted to “Glasses2You” (“we” or “us”) take the privacy of your information very seriously. Our Privacy Notice is designed to tell you, the user of our services, about our practices regarding the collection, use and disclosure of personal information which may be provided to us via our websites, through PC, tablet and mobile phone.
This notice applies to personal data provided by our users, whether they are a customer for our products or otherwise. In this notice “you” refers to any individual whose personal data we hold or process (other than our staff).
In this notice references to the “Site” are references to any website, app or other means by which you provide personal data to us or access our services.
- Who is responsible for what happens with your data?
Glasses2You Ltd. (“we”) act as Data Controller for the Superdrug Glasses Online service and are responsible for the collection and processing of your data on the Superdrug Glasses Online Site.
Your data is processed in the following countries: UK, China, and Romania (the location of our spectacle glazing labs) for the purpose of fulfilling your order.
- How do I contact the Data Protection Officer?
If you have any questions relating to how we process your personal data, you can contact our Data Protection Officer by email at email@example.com, or by post at: 216 Barnes Lane, Sarisbury Green, Southampton SO31 7BG.
- Basis on which we process personal data
Personal data we hold about you will be processed either because:
- The processing is necessary in pursuit of a “legitimate interest”, meaning a valid interest we have, or a third party has, in processing your personal data, which is not overridden by your interests in data privacy and security;
- You have consented to the processing for the specific purposes described in this notice; or
- The processing is necessary for us to comply with our obligations under a contract between you and us.
- What information we collect from you as a customer:
We may collect and process the following personal data (information that can be uniquely identified with you) about you:
- “Login Information”: Login details and information you provide when setting up an account on the Site;
- “Account Information”: Information you provide to us relating to your account or profile with us;
- “Contact Information”: Contact information we collect from you (for example, your name, address, telephone number, email address);
- “Order Information”: Information we collect which relates to orders you have placed with us, including products you have ordered, shipping destinations, the price of products you have ordered and any customisation;
- “Payment Information”: Information provided relating to payment. Please note, credit or debit card information may be supplied directly to our third party payment processor (Stripe), who will process the data in accordance with their own privacy notices or policies;
- “Communication Information”: A record and details of any correspondence or communication between you and us relating to any enquiry or complaint submitted to us;
- “Optometry Information”: Provided to us to fulfil your order for optical devices. This includes your prescription and any further information relating to your eyesight which our optical team may collect or receive from you;
Optometry Information is personal sensitive data which falls within certain ‘special categories’ which are defined in GDPR (for example, health data) and which require additional protection and consent measures.
When we collect Optometry Information from you, we will request your consent to process this data in accordance with this policy. You are not required to give your consent, but we will be unable to fulfil your order without your consent.
We will ensure that Optometry Information is used only to fulfil your order safely and that the product ordered is appropriate for you.
Other than Optometry Information, we will not collect any personal sensitive data without your prior consent.
The information is held on third party encrypted servers.
- What we use your information for:
- We ask for your name and address details so that we know where to send your order and for this reason only.
- As questions may arise regarding your order and prescription details and order requirements, we ask for your phone number (which is optional) and also for your email address.
- We will use either of these options to contact you with any queries so that we can promptly process your order.
- Your details will be stored on our system unless you request at any time that we delete all known records of them, including any name, address, phone and email details.
- We do not sell these details to a third party for their use – your details are only ever held on our own servers for our own purposes.
We may also use your personal information in the following ways:
- To personalise your experience (Your information helps us to better respond to your individual needs)
- To improve our website. Any feedback you give us via email or Trustpilot reviews is used to improve our service and your personal experience. (We continually strive to improve our website offerings based on the information and feedback we receive from you.)
- To improve customer service. Your information helps us to more effectively respond to your customer service requests and support needs.
- To process transactions
- To administer a contest, promotion, survey or other site feature
- To send periodic emails
The email address you provide for order processing may be used to send you information and updates pertaining to your order, in addition to occasional company news, updates, related product or service information, etc.
Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or you can contact us to request that your email or any other personal details are deleted.
We have reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity.
- We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable and less-intrusive way to achieve that purpose.
- We have documented our decision on which lawful basis applies to help us demonstrate compliance.
- We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice.
- What we do not use this information for:
- We do not use any of your personal information for tele-marketing, fax marketing or postal marketing.
- We do not collect any information via Phone or Tablet Applications/versions of our web site.
- Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
- Data retention policy:
We retain your information for as long as reasonably necessary to provide our products and services and to maintain records to satisfy tax and other legal requirements to a maximum of seven years, as required by HMRC.
- How we protect your information:
Your payment details are never held on our servers or database at any time. They are only ever entered directly onto secure payment gateways, and these details are always encrypted and secure. These payment gateways are currently PayPal and Stripe.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Sockets Layer (SSL) technology and then encrypted into our payment gateway providers’ database, to be accessible only by those authorized with special access rights to such systems, who are required to keep the information confidential. At no time is your payment or card information visible to any employees at Superdrug Glasses Online or PayPal or Stripe.
- Data you provide when emailing us:
You may periodically email our customer services as an existing customer or as a potential customer.
Our current email service will have your email address and we only use this to reply to your request.
We do hold an archive of historical emails and email addresses but we do not use this for any other purpose such as email marketing.
Yes (cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow cookies) that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information).
If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders over the telephone or by contacting customer service.
We use analytics to monitor traffic behaviour on our site and to log visitor numbers and behaviour on our site.
This is all monitored by Google using your IP address.
The customer’s IP address is not stored by Google in a database, or accessible to any client company, but it could potentially be accessed by a Google employee.
Glasses2You do not record or log customer IP addresses.
- Do we disclose any information to outside parties:
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. However, anonymous visitor information may be provided to other parties for marketing, advertising, or other uses.
- Third party links:
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
- Terms and Conditions:
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website:
- Your Privacy Rights:
The GDPR gives you the following rights in respect of personal data we hold about you:
The right to be informed
You have a right to know about our personal data protection and data processing activities, details of which are contained in this notice.
The right of access
You can make what is known as a Subject Access Request (“SAR”) to request information about the personal data we hold about you (free of charge, save for reasonable expenses for repeat requests). If you wish to make a SAR please contact us as described below.
The right to correction
Please inform us if information we hold about you is incomplete or inaccurate in any way and we will update our records as soon as possible, but in any event within one month.
The right to erasure (the ‘right to be forgotten’)
Please notify us if you no longer wish us to hold personal data about you (although in practice it is not possible to provide our services without holding your personal data). Unless we have reasonable grounds to refuse the erasure, on receipt of such a request we will securely delete the personal data in question within one month. The data may continue to exist in certain backups, but we will take steps to ensure that it will not be accessible.
The right to restrict processing
You can request that we no longer process your personal data in certain ways, whilst not requiring us to delete the same data.
The right to data portability
You have the right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know a format which suits you). You may also request that we transfer your personal data directly to a third party (where technically possible).
The right to object
Unless we have overriding legitimate grounds for such processing, you may object to us using your personal data if you feel your fundamental rights and freedoms are impacted. You may also object if we use your personal data for direct marketing purposes (including profiling) or for research or statistical purposes. Please notify your objection to us and we will gladly cease such processing, unless we have overriding legitimate grounds.
Rights with respect to automated decision-making and profiling
You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant) effect on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent.
Right to withdraw consent
If we are relying on your consent as the basis on which we are processing your personal data, you have the right to withdraw your consent at any time. Even if you have not expressly given your consent to our processing, you also have the right to object (see above).
All SARs and other requests or notifications in respect of your above rights must be sent to us in writing to our UK GDPR representative at The Old Schoolhouse, 216 Barnes Lane, Sarisbury Green, Southampton, SO31 7BG, or firstname.lastname@example.org.
We will comply with such requests as soon as possible but in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
- Data Breaches
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will, when required, report this to the Information Commissioner’s Office (ICO).
If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
- Your Consent:
By pressing the ‘I consent’ button after having been made aware of the details included in our Privacy Notice Policy, we will assume consent to us using your data as described above, unless you choose to click on ‘No cookies thanks’.
- Raising a complaint with the data protection authorities:
If you think that the processing of Personal Data by us violates data protection laws, you can raise a complaint with the Information Commissioner in the UK on 0303 123 1113, or online at ico.org.uk, or you can write to the following address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. For the Republic of Ireland, you can contact the Data Protection Commissioner online at dataprotection.ie, or you can write to: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28.